IETF Logo Mail Archive

Re: [saag] Liking Linkability

Ben Laurie <benl@google.com> Mon, 22 October 2012 11:26 UTC

Return-Path: <benl@google.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5045321F8B71 for <saag@ietfa.amsl.com>; Mon, 22 Oct 2012 04:26:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.969
X-Spam-Level:
X-Spam-Status: No, score=-102.969 tagged_above=-999 required=5 tests=[AWL=0.008, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UrCipb-AoTsD for <saag@ietfa.amsl.com>; Mon, 22 Oct 2012 04:26:43 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id 3AD5121F8B70 for <saag@ietf.org>; Mon, 22 Oct 2012 04:26:43 -0700 (PDT)
Received: by mail-wi0-f172.google.com with SMTP id hq12so1932218wib.13 for <saag@ietf.org>; Mon, 22 Oct 2012 04:26:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record; bh=skpeUiZiKnpvkrMSI8FzHTs4x5m2o/i/JX500CSkXbY=; b=m4U7exuZUzyrOD9yWHB25qFvjrX0sMn45QgLjtCXWFG1K2+qc39EiuVlcGB6ci3tuo Ijxg+UwoI3bq8YMA089IylU/S9m6Jf7LUMzY80C3Y9CsXxV+pZoYiRzUF4Tczfa69+kb Dgs2UnFNL7nVuZlcOyoHxIbaCp2yrlJ9Do60ZsSZc55jyhd63jMU/vjh2oPUTKBiDrhg YBF7rUAzhwOT+71dtnEmTtN2i0QmY5nKlj/4TM53tflHTO+oh+v8su7+0YDrjYT8WrHX iWLVcyR4NWgtXI+W3hnYiUtuV6FogxqyotolRpx42XNPOpl6WBMJLhexGdhLVr+Y1dPf c/dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=skpeUiZiKnpvkrMSI8FzHTs4x5m2o/i/JX500CSkXbY=; b=cVB8ly6oF1z8B3UHv7bu9FALRvBiJ5ircxcDbuDlfN7qGbxC1I8Jgevgqn3anwUQ42 /gWMadLkrn4g2sKaEGpRgRJOlm0B5l/ISiBgzebsX8BIa/R96oiJGhGGpdMdwcEMI5N1 netgwoA5zojRPf5vvzGgz2WqCpQ3/OPK3FLm4DJ9y3HMj6svo5NbMrwlalnY8AAGYcsK fYoCNIcKOiOBAOYXnxmoZzziC5IqYITDl0FWj1bYEZGp44LkFG9JPfdgTG+WL2sirlR0 MlBDQrYCGj3WA1fZ+Tw3e889yrcVdzambQrly3P3Ldbf12twLsnWCIgbK9hcpWQazQZ1 M/Rw==
MIME-Version: 1.0
Received: by 10.216.193.220 with SMTP id k70mr5694521wen.35.1350905202073; Mon, 22 Oct 2012 04:26:42 -0700 (PDT)
Received: by 10.194.76.170 with HTTP; Mon, 22 Oct 2012 04:26:41 -0700 (PDT)
In-Reply-To: <50852726.9030102@openlinksw.com>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG> <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net> <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com> <8AB0C205-87AE-4F76-AA67-BC328E34AF5E@bblfish.net> <CABrd9SQghpi6_rVQKxYXZDtM5HwvE7Kq7SUw5zi41ZRd3y2h9A@mail.gmail.com> <4324B524-7140-49C0-8165-34830DD0F13B@bblfish.net> <CABrd9SQU1uYVaVPedokHxeYkT=759rkPFfimWK1Z8ATzo3yNFA@mail.gmail.com> <5083CCCF.2060407@webr3.org> <50842789.3080301@openlinksw.com> <50845268.4010509@webr3.org> <5084AC77.8030600@openlinksw.com> <50851512.9090803@webr3.org> <CABrd9SRNVLbWxifQAQ6iuX4qMeFmZVD6rO_q=L348G1UZzr9tg@mail.gmail.com> <50852726.9030102@openlinksw.com>
Date: Mon, 22 Oct 2012 12:26:41 +0100
Message-ID: <CABrd9SQ3KTqHq1hOfbLAU5hfgNyqCPK4u+ToEda+VtQ5S0utwA@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Kingsley Idehen <kidehen@openlinksw.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQm8loZqkn6OU5uECTeXLwrMEVLqinC8rcS/Pe60aOCXCAjeyboeY/SaK3sYF2Msa+HTZUfqpUYvPaGrqgi4b8GdMICD1fj3M2UU6qbKafKX6jjGoUfmhAGi1GA8XSSVQE0MUVAHmA3SCuNG6UD3vDxXNuTI0VPR2aRBOo4iqG17w4sIFxA4h9U9vAZy3wupBRfyfMKT
X-Mailman-Approved-At: Mon, 22 Oct 2012 08:25:26 -0700
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, nathan@webr3.org, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, Melvin Carvalho <melvincarvalho@gmail.com>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2012 11:26:44 -0000

On 22 October 2012 11:59, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 10/22/12 5:54 AM, Ben Laurie wrote:
>>
>> Where we came in was me pointing out that if you disconnect your
>> identities by using multiple WebIDs, then you have a UI problem, and
>> since then the aim seems to have been to persuade us that multiple
>> WebIDs are not needed.
>
> Multiple WebIDs (or any other cryptographically verifiable identifier) are a
> must.
>
> The issue of UI is inherently subjective. It can't be used to objectively
> validate or invalidate Web-scale verifiable identifier systems such as
> WebID or any other mechanism aimed at achieving the same goals.

Ultimately what matters is: do users use it correctly? This can be tested :-)

Note that it is necessary to test the cases where the website is evil,
too - something that's often conveniently missed out of user testing.
For example, its pretty obvious that OpenID fails horribly in this
case, so it tends not to get tested.

>
> Anyway, Henry, I,  and a few others from the WebID IG (hopefully) are going
> to knock up some demonstrations to show how this perceived UI/UX
> inconvenience can be addressed.

Cool.

>
>
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>

v2.23.0 | Report a Bug | By Email